There are various security-related topics throughout VOLTTRON’s documentation.
This is a quick roadmap for finding security documentation.

A core component of VOLTTRON is its message bus.
The security of this message bus is crucial to the entire system.
The VOLTTRON Interconnect Protocol provides
communication over the message bus. VIP was built with security in mind
from the ground up. VIP uses encrypted channels and enforces agent
authentication by default for all network communication.
VIP’s authorization mechanism allows system
administrators to limit agent capabilities with fine granularity.

The VOLTTRON team has engaged with PNNL’s Secure Software Central team to create
a threat profile document. You can read about the threat assessment findings and
how the VOLTTRON team is addressing them here: SSC Threat Profile

Additional documentation related to VIP authentication and authorization
is available here: